[Rdo-list] Quick tip: while logging/investigating SELinux issues
Kashyap Chamarthy
kchamart at redhat.com
Tue Jan 7 17:34:04 UTC 2014
I usually try these when I hit SELinux issues, thought
I'd quickly share here.

  # Enable SELinux
  $ setenforce 1

  # Clear the audit log (so only relevant messages can be analysed later)
  $ > /var/log/audit/audit.log

  [Perform your offending test]

  # Show a reference policy
  $ cat /var/log/audit/audit.log | audit2allow -R

And, if you're feeling more adventurous, you can even generate
an SELinux reference policy and re-test it:

e.g. If you see Neutron issues from the previous command,
you can try

  # Generate an SELinux loadable module package
  $ audit2allow -a -M neutron

  # Install the Policy Package
  $ semodule -i neutron.pp

  # Restart neutron-dhcp-agent again
  $ systemctl restart neutron-dhcp-agent

See if it alleviates your problem.

Ref:
https://access.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/Security-Enhanced_Linux/sect-Security-Enhanced_Linux-Fixing_Problems-Allowing_Access_audit2allow.html

--
/kashyap